Authorisation

In Anjana Data, user authorization is based on the assignment of roles to people within organizational units (OUs). This combination determines what actions each user can perform and in which scopes within the platform.

Users-OU-Roles table in the Configuration Panel (Administrator view)

The management of these assignments is carried out through the Users-OU-Roles table, which acts as the central permissions control mechanism.

Screenshot of the Users-OU-Roles table for assigning roles to users in OUs

Structure of the Roles table

Each record in the users_ou_role table defines a unique assignment between a user, an organizational unit, and a role.
The elements that characterize this assignment are:

  • user: unique identifier of the user.

    • Corresponds to the id field of the Users table.

  • ou: unique identifier of the Organizational Unit.

    • Corresponds to the id field of the Organizational Unit table.

The assignment must be made to a leaf organizational unit, never at an intermediate or root level. For example, if the unit “Data Space/Tourism” has been configured, roles must never be assigned at the “Data Space” level.

  • role: unique identifier of the role.

    • Corresponds to the id field of the Roles table.

Assigning roles to users

Assigning cross roles

To assign a user a role that has been configured as Cross (see configuration of the Roles table), the following steps must be followed:

  1. Click the New button in the upper-right corner. This will open a wizard with the fields defined in the Structure section.

  2. Fill in the fields as follows:

    1. user: Select the user identifier. If the user does not exist, it must be created first.

    2. ou: Select the default Cross unit. This OU is created internally by the platform; however, if it has been manually deleted, it must be recreated to authorize cross roles.

    3. role: Select the role from among the previously configured roles. If the role does not exist, it must be created first.

  3. Click Save to save the role or Cancel to discard.

Example screenshot of a cross role assignment

Assigning vertical roles

To assign a user a vertical role that has not been configured as cross (see configuration of the Roles table), the following steps must be followed:

  1. Click the New button in the upper-right corner. This will open a wizard with the fields defined in the Structure section.

  2. Fill in the fields as follows:

    1. user: Select the user identifier. If the user does not exist, it must be created first.

    2. ou: Select the corresponding leaf organizational unit. If it does not exist, it must be created first.

    3. role: Select the role from among the previously configured roles. If the role does not exist, it must be created first.

  3. Click Save to save the role or Cancel to discard.

Example screenshot of a vertical role assignment

Modifying authorizations

To modify the assignment of roles to users in organizational units, a record can be deleted and a new one created.

Configuring authorization via direct database access (Developer view)

The database (DB) table containing the role-to-user assignment parameters has the following structure:

| Column     | Data type      | Constraints / Notes |
|------------|----------------|---------------------|
| user_id    | int4 (INTEGER) | Not null. Foreign key to users.id_user. User identifier. |
| ou_id      | int4 (INTEGER) | Not null. Foreign key to organizational_unit.id_organizational_unit. Organizational unit identifier. |
| rol_id     | int4 (INTEGER) | Not null. Foreign key to role.id_role. Role identifier. |
| unique_idx |                | UNIQUE (user_id, ou_id, rol_id) constraint. Ensures no duplicates exist in the user–OU–role combination. |

Foreign keys

| Column  | Referenced table         | Referenced field       | Description |
|---------|--------------------------|------------------------|-------------|
| user_id | zeus.users               | id_user                | Validates that the user exists. |
| ou_id   | zeus.organizational_unit | id_organizational_unit | Validates that the organizational unit exists. |
| rol_id  | zeus.role                | id_role                | Validates that the role exists. |

Configuration example using SQL

To define user-to-role assignments:

```sql
INSERT INTO zeus.user_ou_role (user_id, ou_id, rol_id) VALUES
(1,1,1),
(1,39,4),
(2,1,15),
(2,1,16),
(2,3,2);
```
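
Direct inserts bypass the wizard, so rows written this way are worth auditing against the leaf-OU rule and the Cross OU rule described above. The following is an added example, not part of the Anjana Data documentation or code: it runs the audit query on an in-memory SQLite stand-in with constructed data. The columns `organizational_unit.name` (full "/"-separated path) and `role.is_cross`, the OU name "Cross", and the role names are assumptions, not taken from the real schema.

```python
import sqlite3

# Assumptions, not from the page: organizational_unit.name stores the full
# "/"-separated path, role.is_cross flags Cross roles, the Cross OU is named "Cross".
SCHEMA = """
CREATE TABLE zeus.organizational_unit (id_organizational_unit INTEGER PRIMARY KEY, name TEXT NOT NULL);
CREATE TABLE zeus.role (id_role INTEGER PRIMARY KEY, name TEXT NOT NULL, is_cross INTEGER NOT NULL);
CREATE TABLE zeus.user_ou_role (
    user_id INTEGER NOT NULL,
    ou_id   INTEGER NOT NULL REFERENCES organizational_unit(id_organizational_unit),
    rol_id  INTEGER NOT NULL REFERENCES role(id_role),
    UNIQUE (user_id, ou_id, rol_id));
-- Constructed sample data: two valid rows, two that break the rules above.
INSERT INTO zeus.organizational_unit VALUES (1,'Cross'),(2,'Data Space'),(3,'Data Space/Tourism');
INSERT INTO zeus.role VALUES (1,'platform_admin',1),(2,'steward',0);
INSERT INTO zeus.user_ou_role VALUES (1,1,1),(2,3,2),(3,2,2),(4,3,1);
"""

# An OU is non-leaf when another OU's path starts with its path plus "/".
AUDIT = """
SELECT a.user_id, a.ou_id, a.rol_id,
       CASE WHEN r.is_cross = 1 AND ou.name <> 'Cross'
            THEN 'cross role outside Cross OU'
            ELSE 'role on non-leaf OU' END AS finding
FROM zeus.user_ou_role a
JOIN zeus.organizational_unit ou ON ou.id_organizational_unit = a.ou_id
JOIN zeus.role r ON r.id_role = a.rol_id
WHERE (r.is_cross = 1 AND ou.name <> 'Cross')
   OR EXISTS (SELECT 1 FROM zeus.organizational_unit child
              WHERE substr(child.name, 1, length(ou.name) + 1) = ou.name || '/')
ORDER BY a.user_id
"""

def build_sample_db():
    """In-memory SQLite stand-in; ATTACH keeps the page's zeus.* names."""
    conn = sqlite3.connect(":memory:")
    conn.execute("ATTACH DATABASE ':memory:' AS zeus")
    conn.executescript(SCHEMA)
    return conn

def audit_assignments(conn):
    """Return (user_id, ou_id, rol_id, finding) for every rule-breaking row."""
    return conn.execute(AUDIT).fetchall()

if __name__ == "__main__":
    for row in audit_assignments(build_sample_db()):
        print(row)
```

The audit query uses only joins, `substr`, `length` and `||`, so it can be adapted to the real database once the assumed column names are replaced with the actual ones.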